# This controller handles the login/logout function of the site.  
class SessionsController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem

  # render new.rhtml
  def new
    if User.count < 1
      User.create_first_user
    end
    if logged_in?
      redirect_to tickets_url
    end
  end
  
  def access_denied  
  end

  def create
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      self.current_user.remember_me
      cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      redirect_to tickets_url
      flash[:notice] = "Logged in successfully"
    else
      session[:login] = params[:login]
      redirect_to "/login"
      flash[:notice] = "Wrong login/password"
    end
  end

  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_to('/login')
  end
end
